Hackers have leaked internal documents stolen from Leidos Holdings, one of the largest IT services providers to the US government. Leidos Holdings recently learned of the hack, believing the stolen documents were part of a previously disclosed breach of a Diligent Corp. system they used, according to Bloomberg sources. Leidos is reportedly investigating the issue.
The leaked documents, reportedly stolen in two breaches of Diligent in 2022, are causing concern because Leidos’ clients include the US Defense Department (DOD), the Department of Homeland Security (DHS), NASA, and other US and foreign agencies and commercial businesses. Leidos used the Diligent system to host information gathered from internal investigations, according to a June 2023 filing in Massachusetts.
Bloomberg reviewed some of the leaked files on a cybercrime forum, but details were redacted, and authenticity couldn’t be verified. A Diligent spokesperson stated the leak appears to originate from a 2022 hack affecting its subsidiary business, Steele Compliance Solutions, acquired in 2021. Less than 15 customers, including Leidos, used the product at the time.
Diligent promptly notified impacted customers, including Leidos in November 2022, and took immediate action to contain the incident.
The leaked documents highlight the vulnerability of sensitive information within government and commercial entities. Leidos, a major federal IT contractor with $3.98 billion in contract obligations in fiscal year 2022, is now facing the consequences of this breach, raising questions about the security of its systems and the potential impact on its clients.
